I don't think this is possible with nftables. When you create a
set/map, you need to give each element a type, so either `ipv4_addr`
or `ipv6_addr`.
If you do find out a way, please let me know, because I would also
like to do it. :-)
On Thu, Sep 26, 2019 at 4:31 AM Anton Rieger <rieger@xxxxxxxxx> wrote:
>
> Hi there,
>
> I'm trying to figure out the best way to apply a rule on a set of IP and IPv4 ranges.
> My current workaround is to do the following:
>
> RULE jump customnet
>
> chain customnet {
> ip saddr {192.0.2.0/24, 198.51.100.0/24} drop
> ip6 saddr {2001:DB8:4::/48, 2001:DB8:7::/48} drop
> }
>
>
> I think it might be possible to do this somehow with maps and meta nfproto expressions.
>
> BTW:
> It would be nice to have an ip4 alias to better match ip6/ip rules.
> Also resetting the default address family might be useful.
> For example I'm using more ip6 and inet than ip.
>
> Thank you,
> Anton
